How Park Jin Led North Korea’s $1.4B Bybit Crypto Heist
At first, February 21, 2025, looked like just another workday at Bybit. Employees logged in, traders placed orders, and in the depths of Bybit’s cold wallets, a staggering 401,347 ETH—valued at $1.4 billion—remained locked behind layers of encryption and multi-signature security. Everything was as it should be. Until it wasn’t.
And then, in a split second, $1.4 billion vanished…
- No security alerts.
- No immediate red flags.
- No evidence of forced entry.
The transfer had been approved—by Bybit’s own security team.
At that moment, thousands of miles away in Pyongyang, one man watched it all unfold in real time. A figure known only to top intelligence circles and the hidden depths of the dark web.
His name? Park Jin Hyok.
A digital ghost. The most elusive cybercriminal North Korea had ever unleashed.
For months—perhaps years—he meticulously planned every move.
He infiltrated Bybit’s operations. Exploited its weaknesses. Created an illusion so perfect that it passed right under the noses of the best cybersecurity experts.
This wasn’t a hack. It was a psychological operation.
Possibly the most intricate digital heist the world has ever seen.
The Man Who Never Was
There were no public sightings of Park Jin Hyok.
No official photos.
No verifiable proof of his identity.
Yet, his digital fingerprints had been pursued for years by top intelligence agencies and cybersecurity teams worldwide.
- To the FBI and Interpol, he was one of the most dangerous cybercriminals on record.
- To North Korea, he was a national asset so vital that his very existence was classified.
Park Jin: The Shadow Operative of Pyongyang
He wasn’t just another hacker.
He was a meticulously trained cyber operative, shaped by Kim Chaek University of Technology and drafted into the Reconnaissance General Bureau (RGB)—North Korea’s most secretive intelligence division.
His mission?
- Break in undetected.
- Exploit weaknesses.
- Cripple financial systems from the inside.
While amateur hackers relied on brute force, Park played the long game, embedding himself within digital structures and unraveling them piece by piece.
The Digital Shadow That Stole Billions
2014: Sony Pictures—Hollywood’s secrets exposed in a devastating breach.
2016: A surgical strike on the Bangladesh Central Bank, draining $81 million via SWIFT.
2017: WannaCry—ransomware that held the world hostage, paralyzing hospitals and corporations alike.
2022: The Ronin Bridge attack—$625 million in crypto vanished overnight.
2023-2024: A relentless campaign against crypto exchanges—$1.34 billion stolen in a year.
But Bybit?
That was his masterpiece.
The Bybit Breach: A Cyber Heist Unlike Any Other
Stolen credentials. Leaked security keys. Exploited smart contracts.
That’s how most crypto heists unfold.
But this was different.
Park Jin Hyok and the Lazarus Group didn’t crack Bybit’s defenses.
They cracked its people.
Lazarus Didn’t Break In—They Settled In
Well before the heist, they were already inside:
- Listening to Bybit’s internal conversations.
- Controlling email servers.
- Watching from within employee workstations.
Yet they remained unseen. Unnoticed.
They stole nothing.
Not yet.
They waited.
They listened.
They learned.
Only one crucial piece remained:
Who Controls Bybit’s Cold Wallets?
Lazarus didn’t guess. They calculated.
They pinpointed a small, exclusive circle of employees with the power to authorize transactions from Bybit’s Ethereum reserves.
- They tracked their routines.
- Predicted their behaviors.
- Studied their workflow down to the smallest detail.
And then, with precision and patience, they struck.
A Masterpiece of Deception
February 21.
The final act had begun.
A transfer request surfaced in Bybit’s security interface.
Every detail was meticulously crafted.
✔ The interface was indistinguishable from past transactions.
✔ The recipient’s wallet had a clean history.
✔ The amount raised no suspicion.
It was a perfect forgery.
But behind the polished facade, the contract was already compromised.
The moment employees hit “Approve”, they weren’t just authorizing a transfer.
They were rewriting the smart contract, handing Lazarus complete access to Bybit’s cold storage.
“This is Lazarus. They just stole $1.46 billion from Bybit. And they didn’t break the code — they broke the people,” Web3 analyst Pix (@PixOnChain) stated.
A Split-Second Decision Worth $1.4 Billion
They examined the transaction. Everything checked out.
A brief hesitation—then, one by one, they authorized the transfer.
At that moment, Bybit’s $1.4 billion slipped away.
Now, it was under North Korea’s command.
Vanishing Act: How Lazarus Covered Its Tracks
The golden rule of a billion-dollar crypto heist? Don’t get caught moving the money.
Lazarus took their time. They had done this before.
✔ The ETH was dispersed across 53 different wallets, instantly obscuring the trail.
✔ Some held 10,000 ETH, others barely enough to notice.
✔ The funds lay untouched, frozen in time, waiting for the right moment to slip through mixers and cross-chain swaps.
They had drained billions in crypto over the years, yet much of it still sat untouched—an invisible fortune waiting in the dark.
Some funds stolen back in 2018 remain untouched to this day.
Lazarus understood one thing: money doesn’t need to move to be valuable. They could wait—for years if necessary.
As Bybit fought to recover its losses, Park Jin was already orchestrating his next breach.
Bybit Faces Its Toughest Hack—And Endures
A $1.4 billion breach could have spelled the end for any exchange.
Bybit, however, remained firm.
With swift action, Ben Zhou (CEO & Co-founder) stabilized the situation:
✔ Secured emergency capital, absorbing 80% of the financial hit.
✔ Protected user assets, preventing further panic.
✔ Maintained liquidity, allowing withdrawals—even as $1.5 billion left within a day.
“Although we have been hit by the worst hack possibly in the history of any medians (banks, crypto, finance). But all Bybit functions and product remain functional, the Whole team had been awake all night to process and answer client questions and concerns. ALL hands on DECK. Rest assured, we are here with you,” Ben Zhou outlined.
Bybit held its ground—But at what cost?
The breach had already made history. The largest crypto hack ever recorded.
Now, the world demanded justice.
The Lazarus Playbook: A Game-Changer for Crypto Security?
This wasn’t just about Bybit.
This attack revealed a terrifying truth:
- Multi-signature wallets aren’t unbreakable.
- Cold storage is not as secure as the industry believed.
- The real risk isn’t in the blockchain—it’s in the people operating it.
For years, crypto was seen as an unhackable system. Lazarus proved otherwise.
They infiltrated one of the world’s most fortified exchanges—without deploying malware, without writing a single exploit.
And as long as they continue their operations, they’ll strike again.
Park Jin Hyok: The Phantom North Korea Can’t Afford to Lose
Somewhere within North Korea, Park Jin Hyok lives in the shadows.
The FBI wants him in cuffs.
Interpol follows his every move online.
His government? They don’t just deny he exists—they depend on him.
To Pyongyang, he’s not a criminal. He’s a national hero.
And as long as billions continue to flow through crypto, there’s only one question left:
Who will be the next victim?